top

Internet of Things will be a security and privacy nightmare

So, your refrigerator is hosting a botnet, your internet-connected pressure cooker is relaying inaudible sounds generated by webpages to advertisers so they can track you better, and someone just hacked into your Nest thermostat and turned the heat up to 100. Now imagine that kind Internet of Things hacking being used by businesses to get information on competitors or by governments to spy on dissidents.

The IoT promises many cool, useful things. It will also be monstrously difficult to control and security will be difficult to implement. There will be way more devices and at least for now, security seems mostly an afterthought. That will have to change.

I’m sure we’ll see one or more really serious IoT data security breaches with profound negative effects in 2016, destroying property and possibly costing lives. This is unlikely to be the work of script kiddies and more likely to be state-sponsored.

The cyber war has already begun.

This is not to say we should abandon the IoT or the Internet (it’s already too late for either) but that hardening and making more resilient this new networking segment is vitally important, as is finding ways to monitor the IoT and quickly recover from attacks.

Being tracked by inaudible sounds is already happening.

SilverPush is an Indian startup that’s trying to figure out all the different computing devices you own. It embeds inaudible sounds into the webpages you read and the television commercials you watch. Software secretly embedded in your computers, tablets, and smartphones pick up the signals, and then use cookies to transmit that information back to SilverPush. The result is that the company can track you across your different devices. It can correlate the television commercials you watch with the web searches you make. It can link the things you do on your tablet with the things you do on your work computer.

Your computerized things are talking about you behind your back, and for the most part you can’t stop them­ — or even learn what they’re saying.